Merge tag 'selinux-pr-20180130' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

torvalds · torvalds · commit 2cfa1cd3da14 · 2018-01-31T14:16:13.000-08:00
Pull selinux updates from Paul Moore:
 "A small pull request this time, just three patches, and one of these
  is just a comment update (swap the FSF physical address for a URL).

  The other two patches are small bug fixes found by szybot/syzkaller;
  they individual patch descriptions should tell you all you ever wanted
  to know"

* tag 'selinux-pr-20180130' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: skip bounded transition processing if the policy isn't loaded
  selinux: ensure the context is NUL terminated in security_context_to_sid_core()
  security: replace FSF address with web source in license notices
diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h
@@ -19,8 +19,7 @@
  * the GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with this program;  if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
 
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
@@ -22,8 +22,7 @@
  * the GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with this program;  if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
 
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
@@ -867,6 +867,9 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
 	int index;
 	int rc;
 
+	if (!ss_initialized)
+		return 0;
+
 	read_lock(&policy_rwlock);
 
 	rc = -EINVAL;
@@ -1413,27 +1416,25 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
 	if (!scontext_len)
 		return -EINVAL;
 
+	/* Copy the string to allow changes and ensure a NUL terminator */
+	scontext2 = kmemdup_nul(scontext, scontext_len, gfp_flags);
+	if (!scontext2)
+		return -ENOMEM;
+
 	if (!ss_initialized) {
 		int i;
 
 		for (i = 1; i < SECINITSID_NUM; i++) {
-			if (!strcmp(initial_sid_to_string[i], scontext)) {
+			if (!strcmp(initial_sid_to_string[i], scontext2)) {
 				*sid = i;
-				return 0;
+				goto out;
 			}
 		}
 		*sid = SECINITSID_KERNEL;
-		return 0;
+		goto out;
 	}
 	*sid = SECSID_NULL;
 
-	/* Copy the string so that we can modify the copy as we parse it. */
-	scontext2 = kmalloc(scontext_len + 1, gfp_flags);
-	if (!scontext2)
-		return -ENOMEM;
-	memcpy(scontext2, scontext, scontext_len);
-	scontext2[scontext_len] = 0;
-
 	if (force) {
 		/* Save another copy for storing in uninterpreted form */
 		rc = -ENOMEM;

Original file line number	Diff line number	Diff line change
`@@ -19,8 +19,7 @@`
`19`	`19`	`* the GNU General Public License for more details.`
`20`	`20`	`*`
`21`	`21`	`* You should have received a copy of the GNU General Public License`
`22`		`- * along with this program; if not, write to the Free Software`
`23`		`- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA`
	`22`	`+ * along with this program. If not, see <http://www.gnu.org/licenses/>.`
`24`	`23`	`*`
`25`	`24`	`*/`
`26`	`25`
Original file line number	Diff line number	Diff line change
`@@ -22,8 +22,7 @@`
`22`	`22`	`* the GNU General Public License for more details.`
`23`	`23`	`*`
`24`	`24`	`* You should have received a copy of the GNU General Public License`
`25`		`- * along with this program; if not, write to the Free Software`
`26`		`- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA`
	`25`	`+ * along with this program. If not, see <http://www.gnu.org/licenses/>.`
`27`	`26`	`*`
`28`	`27`	`*/`
`29`	`28`